plugin-creator
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFE
Full Analysis
- EXTERNAL_DOWNLOADS (SAFE): The skill references official Anthropic documentation and GitHub repositories (anthropics/skills, anthropics/claude-code) which are identified as trusted sources.
- COMMAND_EXECUTION (SAFE): Provides a scaffolding script for local directory creation and file generation. The script uses standard shell commands (mkdir, cd, cat) to create a project structure and is entirely benign.
- INDIRECT_PROMPT_INJECTION (LOW): The skill provides guidance on creating Agents and Hooks that will process untrusted data in the future. It includes specific security best practices (Minimal Permissions, No Secrets in Code) to mitigate these potential risks.
- REMOTE_CODE_EXECUTION (SAFE): While the guide mentions MCP servers (npx) and Hooks, these are documented examples for the user to implement locally and do not contain pre-configured malicious execution paths.
Audit Metadata